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CLAIMS 



1 . A method in an access network for preventing hosts (5; A, B) connected to the 
access network from communicating directly with each other, said access network 

5 comprising an access router (1; 1 1 ; 1 T; 1 T'; 81) and one or more switches (3; 12; 12*; 
35, 36, 37; 83) wherein said hosts being in communication contact with said access 
■ router via said switches, said method comprising the steps of: 

- defining Virtual Local Area Networks, VLANs, in the switches such that traffic ^ 
arriving into the switches from said hosts is forced to the access router and 

10 - defining in the switches one downlink VLAN being asymmetric and carrying 
downlink traffic from the access router to said hosts, said downlink VLAN being 
common to said hosts connected to the access network, 
characterised by the further steps of: 

- configuring the VLANs such that said hosts connected to the access network belong 
1 5 to the same IP subnet and 

- configuring the access router to be an Address Resolution Protocol proxy and to 
perfonn intra-subnet routing. 

2. A method according to claim 1, wherein said hosts comprise all hosts connected to 
. 20 said access network. 

3. A method according to claim 1 or 2, characterised by defming in the switches (3; 
12; 12'; 35, 36, 37) one uplink VLAN being asymmetric and carrying uplinlc traffic 
from saidhosts(5; A,B)tothe access router (1; 11; 11'; 11"), said uplink VLAN 

25 being common to said hosts connected to the access network. 

4. A method according to claim 1 or 2, characterised by defining in the switches (83) 
in a fixed access network one uplink VLAN for each of said hosts or for each of one or 
more groups of said hosts, said uplink VLANs bemg used for only uplink traffic from 

30 said hosts to the access router (8 1). 
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5. A method according to claim 1 or 2, characterised by defining in the switches (83) 
in a fixed access network one uplink VLAN for each of said hosts or for each of one oi 
more groups of said hosts, said uplink VLANs being used for uplink trafiBc from said 
hosts to the access router (81) and further defining said uplink VLANs to also transfer 
downlink unicast traffic from the access router to the hosts. 

6. A method according to claim 1 or 2, characterised by defming in the switches (83) 
in a WLAN access network one uplink VLAN for each Access Point, AP, (85, 86) or 
for each of one or more groups of APs, said uplink VLANs being used for uplink 
traffic from the APs and the hosts connected to the APs to the access router (8 1). 

7. A method according to claim 3 or 6, characterised by configuring Access Points, 
APs, (14) in a WLAN to prevent hosts (A, B) connected to the same AP (14) from 
communicating directly with each other through the AP by extending the downlink 
VLAN and the uplink VLAN to incorporate the AP or by utilising the inherent 
configuration abilities of the AP. 

8. A method according to any one of the claims 4-7, characterised by providing in the 
switches (83) the frames sent from the hosts (A, B) to the access router (81) with 
VLAN tags and configuring the access router (8 1) to be VLAN aware. 

9. A method according to any one of the preceding claims, characterised by 
configuring the VLANs as shared VLANs. 

10. A method according to any one of the preceding claims, characterised by 
retrieving by the access router (1; 11; 11'; 11"; 81) address mapping information for 
the hosts (5 ; A, B) during the user authentication procedure. 

1 1. A method according to any one of the preceding claims, characterised by 
retrieving by the access router (1; 11; 11'; 11"; 81) address mapping information for 
the hosts (5; A, B) during the IP allocation procedure. 



wo 2004/032426 



41 



PCT/SE2003/001141 



12. A method according to any one of the preceding claims, characterised by 
providing more than one access router in the access network, the VLANs being 
configured such that the access routers belong to the same VLANs. 

13. An arrangement in an access network, said arrangement comprising an access 
router (1; 11; 11'; 11"; 81), one or more switches (3; 12; 12'; 35, 36, 37; 83) 
connected to the access router and one or more hosts (5; A, B) being in communication 
contact with said access router through said switches, wherein said arrangement is 
adapted to prevent said hosts from communicating directly with each other, said 
switches being configured to defme Virtual Local Area Networks, VLANs, such that 
traffic arriving into the switches from said hosts is forced to proceed to said access 
router, the switches further being configured to define one downlink VLAN being 
asymmetric and carrying downlink traffic from the access router to said hosts, said 
downlink VLAN being common to said hosts connected to the access network 
characterised in that the VLANs are configured such that said hosts belong to the 
same IP subnet and in that the access router is configured to be an Address Resolution 
Protocol proxy and to perform intra-subnet routing. 

14. An arrangement according to claim 13, characterised in that said hosts comprise 
all hosts connected to the access network. 

15. An arrangement according to claim 13 or 14, characterised in that the switches 
(3; 12; 12'; 35, 36, 37) are configured to define one uplink VLAN being asymmetric 
and carrying uplink traffic from the hosts (5; A, B) to the access router (1; 1 1; 1 1'; 
11"), said uplinlc VLAN being common to said hosts. 

16. An arrangement according to claim 13 or 14, characterised in that the switches 
(83) in a fixed access network are configured to define one uplink VLAN for each of 
said hosts or for each of one or more groups of said hosts, said uplink VLANs being 
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asymmetric and used for uplink traffic from said hosts (5; A, B) to the access router 
(81). 

17. An arrangement according to claim 13 or 14, characterised in that the switches 
(83) m a fixed access network are configured to define one uplink VLAN for each of 
said hosts or for each of one or more groups of said hosts, said uplink VLANs being 
used for uplink traffic from said hosts to the access router (81) and for downlink 
unicast traffic from the access router to the hosts. 

18. An arrangement according to claim 13 or 14, characterised in that the switches 
(83) in a WLAN access network are configured to define one uplink VLAN for each 
Access Point, AP, (85, 86) or for each of one or more groups of APs, said uplink 
VLANs being used for uplink traffic from the APs to the access router (81). 

19. An arrangement according to any one of the claims 16-18, characterised in that 
the access router (81) is configured to be VLAN aware and in that the switches (83) ' 
are adapted to provide the frames sent from the hosts (A, B) to the access router (81) 
with VLAN tags. 

20. An arrangement according to any one of the claims 13-19, characterised in that 
the switches (3; 12; 12'; 35, 36, 37; 83) are adapted to configure the VLANs as shared 
VLANs. 

21. An arrangement according to any one of the claims 13-20, characterised in that 
the access router (1; 11; 11'; 11"; 81)is adapted to retrieve address mapping 
information for the hosts (5; A, B) during the user authentication procedure. 

22. An arrangement according to any one of the claims 13-21, characterised in that 
the access router (1; 11; 11'; 11"; 81) is adapted to retrieve address mapping 
information for the hosts (5; A, B) during the IP allocation procedure. 
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23. An arrangement according to any one of the claims 13-22, characterised in that 
more than one access router are provided in the system, the VLANs being configured 
in the switches such that the access routers belong to the same VLANs. 

24. An access router in an arrangement according to any one of the claims 13-23. 



25. A switch in an arrangement according to any one of the claims 13-23, 



